Obtain a store-level API account with the Storefront API Tokens scope (create/manage) from the BigCommerce control panel under Advanced Settings > API Accounts.
Send POST https://api.bigcommerce.com/stores/{store_hash}/v3/storefront/api-token with header X-Auth-Token set to your API account access token and Content-Type: application/json.
Provide a JSON body with at minimum: channel_id (integer, the storefront channel — default is 1), expires_at (Unix timestamp for token expiry), and optionally allowed_cors_origins (array of origin strings).
The response contains a token field — this is the JWT bearer token your storefront client will use in Authorization: Bearer headers when calling the GraphQL Storefront API at https://store-{hash}.mybigcommerce.com/graphql.
For customer-specific tokens (accessing customer-specific pricing, cart, and account data), use the separate POST /v3/storefront/api-token-customer-impersonation endpoint instead.
Known gotchas
The correct endpoint is /v3/storefront/api-token — earlier community examples citing /v2/api/storefront/... do not exist and will return 404.
Token scope is tied to the channel_id; a token issued for channel 1 will not grant access to a headless channel — generate separate tokens per channel.
Storefront tokens are short-lived JWTs; cache and refresh them before expiry rather than generating one per request, as there are rate limits on the management API.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp